
HBGary Releases Aurora Detection Tool

Security vendor HBGary has released a free software tool that can remove "Aurora" malware, linked to corporate espionage at more than 30 companies.

Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation.

Although Aurora has been linked to attacks on just 34 companies, the software has captured the attention of corporate executives, because some believe that it is connected to a widespread industrial espionage campaign originating from China.

Last month, Google admitted that it had been hacked by Aurora software and the company's security team gained access to a command-and-control server that held data linking the attack to other major companies such as Adobe Systems and, according to reports, Symantec, Juniper Networks, Northrop Grumman and Dow Chemical.

Security experts have now identified a dozen other Aurora command-and-control servers that may be collecting data on other companies, but many of those servers are hosted by ISPs that have not cooperated with investigations.

At this point, experts are divided on whether Aurora is important because it represents a widespread campaign, possibly condoned or even sponsored by the Chinese government, or because Google took the unusual step of admitting that it had been hacked.

According to HBGary CEO Greg Hoglund, the Aurora malware is similar to many other programs that have been used by criminals for years now. "The Aurora stuff isn't that complicated," he said. "It smells like any other criminal malware that's out there."

Although Google made the Aurora hack a point of negotiation with the People's Republic of China, "there's no hard evidence anywhere that shows that China's government has anything to do with it," Hoglund said.

Despite all the attention Aurora has received, the problem "hasn't gone away," Hoglund added. "It's still out there and operating."

That's why HBGary has made the inoculation software available. The company has also released a report outlining what is publicly known about the malware. "We're the first ones to release a concise report that brings all the data to one spot," he said.
